X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; q=dns; s=default; b=GJg5 uB5dJyAzlci13Y/oSZGh0ZG//0NjfqRBdbmEL0WDq+n4ipnNh0HJWP+a2fUfho1n h44nf7hI61HU9jp2h2mkwYukzuWBDgjETPtQHT8UZvjy3ULVb98HOdw0OgvmpGyf qBENLy4wNEYVSVLECYv2ltggX+u1lIIm4foQRgw= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; s=default; bh=GxttsfMCoP bh5i/lk3suRica6pc=; b=ZRdy71inrUC8TyyQ34HE8s6glSZXXEJpP84vySBDfD 7YZU7sgBHOuQcQuSQSV4OhQa/6v+fV+209U/6J8dh7MYPckW8mnnWQzvvfSBJkpg o8PEWHT653yTTMptL+lxKgGgLut7DqMIbDGGxY8j4XqU6sHO56D2kmmFuwg3l71Y A= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=xlaunch, who's, HX-Envelope-From:sk:daniel., activity X-HELO: mail-pf0-f175.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=HjUtl6TTnG7CnY3cgkWO6uZCtGgq+4hhP441qc00EHs=; b=SA7pU1F8liv3Lpao6euYK6Z1ciUOBXdKbKGw84GkB9rHX/bGozNGFXLE0PVZlgKerD 0WFWIuggCc/wOZv0nW0fmAkZkogHCFrioyPoTO983Y9yNVB6vMauPt/QXXC84QrD04Lj 084PvjX0TUaA7OEViJwTedMFr2eQWjJjSjnpmkp1VAquQfy/hXggxDughz0cII0GdOqo co6Ay0QUDd/2KHR2NuLjbM3nZvWaXjT4NwKeaVFiiNidjW5L9SjHJ/cSV+3CnDavsM0I Hce5GBw7Mf6AMMxqqRgPCsT6nXpf7d5qh4J3Kn9+t/Q09DhfRvllGLT2YdB/e4jo16sC 002g== X-Gm-Message-State: AKS2vOwKnTYMxglAKP4OtsprkptB0xHhBVKf8xnI47M1F4KnmtLBloMV /OEKuB9dlwM9bwQH+xTMzD2e9TC1pA== X-Received: by 10.99.144.65 with SMTP id a62mr12422818pge.108.1498688001232; Wed, 28 Jun 2017 15:13:21 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <22868.10096.929488.407450@gargle.gargle.HOWL> References: <22868 DOT 10096 DOT 929488 DOT 407450 AT gargle DOT gargle DOT HOWL> From: Dan Kegel Date: Wed, 28 Jun 2017 15:13:20 -0700 Message-ID: Subject: Re: XLanuch.exe is a Trojan-It allows remote control of my pc without my knowledge or permission To: cygwin AT cygwin DOT com Cc: Erik Soderquist Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes On Wed, Jun 28, 2017 at 3:02 PM, wrote: > I would also think about X11 permissions. Someone might be scanning > for activity on port 6000 (&c) and if they find something and it's not > locked down (see for example 'xhost(1)') it's trivial to just launch > X11 apps on your system which can cause all sorts of mischief. Also note that Xlaunch starts the X server, and can supply the commandline option needed to listen for connections on TCP. Maybe you put that in by accident while following some tutorial? It'd be interesting to see who's trying to connect to your machine via port 6000. Maybe run wireshark and listen for a while? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple